如何修复使用Ansible安装软件包时拒绝错误的权限？

Question

我想写一个简单的Ansible Playbook，请看下面的代码片段。使用Ansible 2.4.0.0，Ubuntu 17.04，Python 2.7.13。 这是我第一次使用Ansible和Playbooks，所以请不要太苛刻。我究竟做错了什么？

playbook.yml

--- 
- name: install packages 
    hosts: dbservers 
    become: yes 
    become_method: sudo 
    become_user: user 

    tasks: 
    - name: Update repositories cache and install "python-minimal" package 
    apt: 
    name: python-minimal 
    update_cache: yes 

hosts文件

--- 
[dbservers] 
db ansible_host=127.0.0.1 ansible_port=22 ansible_user=user ansible_ssh_pass=pass ansible_become_pass=pass ansible_become_user=user 

命令：以下错误ansible-playbook -i hosts playbook.yml -vvv

命令以上的回报：

The full traceback is: 
    File "/tmp/ansible_yozgsn/ansible_module_apt.py", line 287, in <module> 
    import apt 

fatal: [db]: FAILED! => { 
    "changed": false, 
    "cmd": "apt-get update", 
    "failed": true, 
    "invocation": { 
     "module_args": { 
      "allow_unauthenticated": false, 
      "autoclean": false, 
      "autoremove": false, 
      "cache_valid_time": 0, 
      "deb": null, 
      "default_release": null, 
      "dpkg_options": "force-confdef,force-confold", 
      "force": false, 
      "force_apt_get": false, 
      "install_recommends": null, 
      "name": "python-minimal", 
      "only_upgrade": false, 
      "package": [ 
       "python-minimal" 
      ], 
      "purge": false, 
      "state": "present", 
      "update_cache": true, 
      "upgrade": null 
     } 
    }, 
    "msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)", 
    "rc": 100, 
    "stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\n", 
    "stderr_lines": [ 
     "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)", 
     "E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)", 
     "E: Unable to lock directory /var/lib/apt/lists/", 
     "W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)", 
     "W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)" 
    ], 
    "stdout": "Reading package lists...\n", 
    "stdout_lines": [ 
     "Reading package lists..." 
    ] 
} 

编辑：如果我连接到CT通过SSH到同一台机器我可以手动更新apt-cache并使用相同的用户安装软件包（使用sudo）。如果我在Playbook中运行命令'whoami'，它将返回预期结果（用户名）。

Answer 1

如果您的用户sudo访问，使用become: -

tasks: 
    - name: Update repositories cache and install "python-minimal" package 
    become: yes 
    apt: 
     name: python-minimal 
     update_cache: yes 

Answer 2

我想你混淆become_user和remote_user。 remote_user是Ansible将用于ssh到服务器的用户，而become_user是Ansible将切换到并在服务器上运行任务的用户。您可以在Ansible's docs内找到更多有关become_user和remote_user的信息。

所以这里发生了什么是你的剧本试图成为“用户”用户和安装软件包。它不是以root身份安装软件包，而这正是您所需要的。要解决此问题，您可以从您的剧本中删除become_user参数（become_user默认为root），或者您可以将become_user参数添加到您的任务。

- name: Update repositories cache and install "python-minimal" package 
    apt: 
    name: python-minimal 
    update_cache: yes 
    become_user: root